CN101836422B - Bidirectional gateway with enhanced security level - Google Patents


Info

Publication number
CN101836422B
Authority
CN
China
Prior art keywords
data
equipment
return path
packet
interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN2008801126654A
Other languages
Chinese (zh)
Other versions
CN101836422A (en)
Inventor
B·德克莱蒂
C·豪里
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Safran Electronics and Defense SAS
Original Assignee
Sagem Defense Securite SA
Application filed by Sagem Defense Securite SA
Publication of CN101836422A
Application granted
Publication of CN101836422B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones

Abstract

A secure gateway allows bidirectional communication between two communication networks: a first, high-security network and a second network whose security is lower. The gateway is bidirectional, with an enhanced security level, between the high-security communication network and the low-security communication network. For this purpose, the return path from the low-security network to the high-security network comprises a low-speed link. The physical layer of this low-speed link differs from the physical layers used in both the high-security network and the low-security network. This low-speed link has a link layer whose protocol differs from the link-layer protocols used on both the high-security network and the low-security network. Advantageously, the link layer of the low-speed link is provided with an authentication protocol that guarantees the origin of the data.

Description

Bidirectional gateway with enhanced security level
Technical field
The present invention relates to a security gateway that allows bidirectional communication between two communication networks: a first, high-security network and a second network whose security is lower.
Background art
Fig. 1 illustrates the general architecture of the system in which the invention is situated. A gateway (reference numeral 1.1) connects a first network (reference numeral 1.2) to a second network (reference numeral 1.3). In the context of the invention, these two networks do not have the same security level. The term "network" here refers to a communication network together with all the connected devices that can communicate with one another. The security level means the full set of operating rules and constraints imposed on a network to ensure that only the expected data flows can pass through it, that these flows pass between the expected devices, and that they cannot easily be captured by unauthorized devices. When networks with different security levels communicate with each other, it must be ensured that the high-security network cannot be compromised by attacks coming from the low-security network. In some environments that require a high security level, this guarantee must be very strong, or even absolute. One example of such an environment is avionics, where the data network connecting the aircraft's control equipment must provide a very high security level, particularly in flight. It is nevertheless advantageous to connect this high-security network to a lower-security network, in particular to retrieve data on various flight parameters during maintenance. It is also advantageous to be able to provide real-time flight information on a passenger network during flight.
It is known to build a unidirectional gateway between two networks with different security levels. In this case the gateway allows data to pass from the high-security network to the low-security network. The unidirectional property can even be guaranteed at the physical layer of the communication, for example by using a diode as described in the same applicant's patent application published under number FR 2 862 399. Such a gateway guarantees that an attack from the low-security network cannot compromise the high-security network.
However, some applications can operate only if information from the low-security network is transferred to the high-security network. This information may sometimes be a simple command.
It is also advantageous to have a flow-control mechanism available during data transfers from the high-security network to the low-security network. Flow control requires that information can be sent back to the source of the transfer, and therefore from the low-security network to the high-security network. It is nevertheless desirable to maintain a very high security level. The information returning from the low-security network to the high-security network must therefore be controlled, and this control ensures a very high security level.
Conventionally, the gateway in this case is built using firewalls. These firewalls filter the data passing through the gateway. The filtering is based on the communication protocol used and on the addresses and port numbers involved in the communication. However, the security level such a firewall provides is insufficient in some environments with particularly high security requirements. It is advantageous to be able to raise the security level of such a gateway so that it comes close to the security level provided by a unidirectional gateway.
Summary of the invention
The invention proposes a bidirectional gateway with an enhanced security level between a high-security communication network and a low-security communication network. To this end, the return path from the low-security network to the high-security network comprises a low-speed link. The physical layer of this low-speed link differs from the physical layers used in the high-security network and the low-security network. This low-speed link has a link layer whose protocol differs from the link-layer protocols used on the high-security network and the low-security network. Advantageously, the link layer of the low-speed link is provided with an authentication protocol that guarantees the origin of the data.
The gateway according to the invention provides a high security level through simple mechanisms that are easy to prove. It can therefore be used in applications with strong security constraints that the solution provider must guarantee.
The invention relates to a device (2.1) for interconnecting at least two data communication networks, connecting a first network, called the high-security network, to at least one second network, called the low-security network, comprising: a first communication interface (2.11) with the high-security network; a second communication interface (2.12) with the low-security network; a routing module (2.3) connected to the first interface; an adaptation module (2.8) connected to the second interface; a unidirectional path, called the downlink path (2.4, 2.6), between the routing module (2.3) and the adaptation module (2.8), for transferring data from the routing module (2.3) to the adaptation module (2.8); and a unidirectional path, called the return path (2.5, 2.7, 2.8), between the adaptation module (2.8) and the routing module (2.3), for transferring data from the adaptation module (2.8) to the routing module (2.3), all data transfers between the first interface (2.11) and the second interface (2.12) necessarily passing through these two unidirectional paths.
According to a particular embodiment of the invention, the device also comprises means (2.6) for guaranteeing the unidirectional nature of the downlink path at the physical layer.
According to a particular embodiment of the invention, the device also comprises means (2.10) for reducing the rate of at least part of the return path relative to the rate of the interfaces of the device, thereby forming a link called the low-speed link.
According to a particular embodiment of the invention, the low-speed link (2.10) is a serial link.
According to a particular embodiment of the invention, the device comprises a firewall (2.7) on the return path, which filters the data transmitted over the return path.
According to a particular embodiment of the invention, the device also comprises: means (2.8) for formatting, upstream of the low-speed link, the data transmitted over the return path according to a communication protocol different from the communication protocols used for communication on the interfaces of the device; and means (2.5) for reconstructing, downstream of the low-speed link, the data transmitted over the return path from the data formatted according to said communication protocol different from the communication protocols used for communication on the interfaces of the device.
According to a particular embodiment of the invention, said communication protocol different from the communication protocols used for communication on the interfaces of the device uses data packets that comprise a label (3.1) identifying the type of data, and the firewall comprises means for filtering the packets according to a list of authorized labels.
According to a particular embodiment of the invention, a maximum transmission rate being defined for each label, the firewall (2.7) comprises means for checking the transmission rate of the packets of each label and for discarding the packets of a given label if this rate is exceeded.
According to a particular embodiment of the invention, several operating modes being defined for the device, the list of authorized labels depends on the operating mode of the device.
According to a particular embodiment of the invention, all data transmitted over the return path being cryptographically signed by an asymmetric-key mechanism, the device also comprises cryptographic means (2.5) for verifying the identity of the data source.
According to a particular embodiment of the invention, all data transmitted over the return path being cryptographically encrypted by an asymmetric-key mechanism, the device also comprises cryptographic means (2.5) for decrypting the transmitted data.
The invention also relates to a method for flow control of the transmission of data packets in a device according to claim 10 or 11; for each data packet, the method comprises a step of transmission of the data packet by the routing module, comprising:
- a step of preparing a signed packet called the Ok packet;
- a step of preparing a signed packet called the Ko packet;
- a step of transmitting the data packet together with the Ok and Ko packets on the downlink path;
and a step of reception by the adaptation module, comprising:
- a step of testing that the data packet was transmitted correctly;
- if the transmission was carried out correctly, a step of transmitting the Ok packet on the return path;
- if the transmission was carried out incorrectly, a step of transmitting the Ko packet on the return path.
According to a particular embodiment of the invention, the method also comprises: a step in which the routing module periodically transmits a signed packet, called a NOP packet, on the downlink path when nothing has been received on the return path for a given time; and a step in which the adaptation module transmits on the return path any NOP packet received on the downlink path.
Description of drawings
The features of the invention mentioned above, and others, will appear more clearly on reading the following description of an example embodiment, the description being given with reference to the accompanying drawings, in which:
Fig. 1 illustrates the general architecture of the system in which the invention is situated.
Fig. 2 illustrates the architecture of an example embodiment of the invention.
Fig. 3 illustrates the format of the data packets transmitted over the low-speed link in this example embodiment of the invention.
Fig. 4 illustrates the operation of the firewall in this example embodiment of the invention.
Fig. 5 illustrates the operation of the acknowledgement mechanism in this example embodiment of the invention.
Embodiments
Fig. 2 shows the architecture of the gateway according to this example embodiment. The gateway 2.1 comprises a so-called trusted zone, reference numeral 2.2. This trusted zone provides the security level of the high-security network, which is connected to communication interface 2.11. The low-security network is connected to communication interface 2.12. These external communication interfaces 2.11 and 2.12 of the gateway are standard interfaces, such as Ethernet interfaces according to IEEE (Institute of Electrical and Electronics Engineers) standard 802.3. These interfaces allow communication using IP (the Internet Protocol defined by RFC 791). Within the trusted zone, the gateway comprises a routing module (reference numeral 2.3) that manages the link with the high-security network. This routing module is connected to two unidirectional paths: the so-called downlink path, taken by data traffic coming from the high-security network and going to the low-security network, and the so-called return path, taken by data traffic coming from the low-security network and going to the high-security network. The adaptation module, reference numeral 2.8, forms the link between the low-security network 2.12 and the two unidirectional paths. All data traffic between the high-security network and the low-security network must pass through these two unidirectional paths. There is no other path through the gateway that data could take.
The downlink path comprises a path management module, reference numeral 2.4, called DMZ-out. Data on this downlink path preferably passes through a diode, reference numeral 2.6, which guarantees at the physical layer that no data can travel in the reverse direction over the downlink path. With this diode, the security of the downlink path is complete.
The return path comprises a particular communication link, reference numeral 2.10, called the low-speed link. This low-speed link 2.10 carries the communication between the adaptation module 2.8 and the firewall 2.7, which is responsible for filtering the data passing over the low-speed link 2.10. Once the data have been filtered by the firewall 2.7, they are processed by a second path management module, reference numeral 2.5 and called DMZ-in, before being passed to the routing module 2.3 for transfer to the high-security network. If necessary, a media reader 2.9 can be connected to this path management module DMZ-in.
One aspect of the gateway's security comes from the physical separation of the downlink communication and the return communication. Separating the communication into two unidirectional paths allows specific control of the communication on each path. Downlink data coming from the high-security network does not need extensive control, because it is assumed to be safe, whereas return data is suspect data that needs extensive control in order to limit the risk of compromising the high-security network.
We have seen that the downlink path is advantageously protected by a diode that prevents any return of information at the physical layer. In this advantageous case, the security level of the gateway, and therefore of the high-security network, depends on the level of control over the information taking the return path. All the control mechanisms applied to this return path therefore constrain the services that can use the gateway and its security level. The mechanisms managing the low-speed link 2.10 and the firewall 2.7 are advantageously implemented in the same programmable logic circuit.
One aspect of the control of the return path relates to the nature of the so-called low-speed link 2.10 between the adaptation module 2.8 and the firewall 2.7. This link is called low-speed because it is built to guarantee a low data rate. A low rate, typically of the order of a few kilobytes per second, makes any so-called brute-force attack (one involving a large number of attempts, and therefore of requests, through the gateway) impossible. A serial link is preferably used to implement the low-speed link 2.10, but ARINC 429, a CAN bus or a discrete link can also be used. The serial link guarantees, physically and in a very simple way, a reduced rate on the return path compared with the rates used on the high-security and low-security networks, which typically run over Ethernet physical links at rates of about ten or even a hundred megabytes per second. The rate reduction between the maximum rate of the low-speed link and the rate of the gateway interfaces can thus be a factor of between 1000 and 10000. This aspect of the control of the return path therefore consists in using a physical means of reducing the maximum rate of the return path.
The security level of this low-speed link is advantageously complemented by a protocol break mechanism. To this end, a specific protocol is used on the low-speed link. This protocol is managed by the adaptation module 2.8 upstream of the link and by the path management module DMZ-in 2.5 downstream. Following this protocol, the adaptation module 2.8 formats the data to be transmitted, and the path management module DMZ-in reconstructs the transmitted data from the data formatted in this way. The firewall filters data only according to this protocol and thereby guarantees that any data on the return path conforms to it. It is therefore not possible to send data over the return path using conventional protocols such as IP (the Internet Protocol defined by RFC 791), UDP (the User Datagram Protocol defined by RFC 768) or TCP (the Transmission Control Protocol defined by RFC 793). This protocol break makes attacks more difficult. Indeed, the protocol used on the low-speed link is undocumented and cannot be reached from outside the gateway, since the low-speed link connects two internal components of the gateway.
In this example embodiment of the invention, the protocol transmits packets with the structure shown in Fig. 3.
These packets comprise a first field 3.1 containing a label that describes the type of data being transmitted. One label value corresponds to a command being sent, another to data, and another may correspond to the flow-control mechanism described below. Other types can be used. The packet also comprises a field 3.2 containing the transmitted data. Field 3.3 of the packet contains a checksum, for example a CRC (cyclic redundancy check), to guarantee the integrity of the transmitted data. The packets are prepared by the adaptation module 2.8, which in particular carries out the conversion for the physical link, the setting of the label and the calculation of the CRC. The transmitted data are prepared by the source, which then signs them using an authentication mechanism. The packets thus contain useful data/descriptor pairs. The descriptor contains the information needed to reconstruct the data downstream of the link: storage instructions in the case of data, or the protocol information for executing the command when the data correspond to a command. The data are signed by the source from which they come, so that the verifying entity can verify their origin and use them with confidence. The data transmitted over the low-speed link therefore consist of the useful data and the associated descriptor, the whole being signed and optionally encrypted.
The firewall is intended to guarantee that only packets conforming to this transfer protocol pass over the low-speed link. The main actions carried out by the firewall are shown in Fig. 4. In step 4.1, the firewall checks that the packet's label is an authorized and known label, for example by checking that the label belongs to the list of authorized labels. In an optional step 4.2, the transmission rate of the packets with this label is checked. In this case a maximum transmission rate is defined for each data type, and therefore for each label. If the rate at which packets with a given label are received exceeds the fixed threshold, the packet is discarded. This check guarantees protection against packets with a given label being sent in large numbers. It is an additional protection against a compromise of the adaptation module, which is directly connected to the low-security network. In step 4.3, the firewall checks the operating mode. This step is carried out when several operating modes have been defined. Some data types, and therefore some labels, may be forbidden in some operating modes. Typically, for use in avionics, a ground mode and a flight mode are defined. Some data types are authorized only when the aircraft is on the ground and the gateway is therefore in ground mode. The same labels are forbidden in flight mode. The list of authorized labels can thus depend on the operating mode of the gateway. Finally, in step 4.4, the firewall checks the integrity of the packet by verifying the checksum (typically a CRC).
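The four checks of Fig. 4 can be sketched as follows; this is an added illustration, not code from the patent or its applicant. The frame layout (1-byte label, 2-byte length, payload, CRC-32), the label values, the per-label limits and the per-mode lists are all assumptions, since the text gives no concrete values.

```python
import struct
import zlib
from enum import Enum


class Mode(Enum):
    GROUND = "ground"
    FLIGHT = "flight"


# Constructed label values and policy; the page gives no concrete numbers.
LABEL_COMMAND, LABEL_DATA, LABEL_FLOW = 0x01, 0x02, 0x03
MAX_PER_SECOND = {LABEL_COMMAND: 2, LABEL_DATA: 5, LABEL_FLOW: 20}
ALLOWED_IN_MODE = {
    Mode.GROUND: {LABEL_COMMAND, LABEL_DATA, LABEL_FLOW},
    Mode.FLIGHT: {LABEL_FLOW},  # assumed: commands and data only on the ground
}

# Assumed frame layout: label (1 byte), payload length (2 bytes), payload,
# CRC-32 (4 bytes) computed over everything before it.
HEADER = struct.Struct(">BH")
CRC = struct.Struct(">I")


def build_frame(label: int, payload: bytes) -> bytes:
    """Frame as the adaptation module would place it on the low-speed link."""
    body = HEADER.pack(label, len(payload)) + payload
    return body + CRC.pack(zlib.crc32(body))


class ReturnPathFirewall:
    def __init__(self, mode: Mode):
        self.mode = mode
        self._windows = {}  # label -> (window start time, packets seen)

    def check(self, frame: bytes, now: float):
        """Return ("accept", "ok") or ("drop", reason) for one frame."""
        # Anything that does not parse as a frame of this protocol is dropped.
        if len(frame) < HEADER.size + CRC.size:
            return "drop", "malformed"
        label, length = HEADER.unpack_from(frame)
        if len(frame) != HEADER.size + length + CRC.size:
            return "drop", "malformed"

        # Step 4.1: the label must be a known one.
        if label not in MAX_PER_SECOND:
            return "drop", "unknown-label"

        # Step 4.2: per-label rate, counted in one-second windows.
        start, seen = self._windows.get(label, (now, 0))
        if now - start >= 1.0:
            start, seen = now, 0
        seen += 1
        self._windows[label] = (start, seen)
        if seen > MAX_PER_SECOND[label]:
            return "drop", "rate-exceeded"

        # Step 4.3: the label must be authorized in the current operating mode.
        if label not in ALLOWED_IN_MODE[self.mode]:
            return "drop", "forbidden-in-mode"

        # Step 4.4: integrity of the whole frame.
        (crc,) = CRC.unpack_from(frame, len(frame) - CRC.size)
        if zlib.crc32(frame[:-CRC.size]) != crc:
            return "drop", "crc-mismatch"
        return "accept", "ok"


def demo():
    """Run constructed frames through a firewall in flight mode."""
    fw = ReturnPathFirewall(Mode.FLIGHT)
    corrupted = bytearray(build_frame(LABEL_FLOW, b"ack"))
    corrupted[3] ^= 0x01  # flip one payload bit after the CRC was computed
    frames = [
        build_frame(LABEL_FLOW, b"ack"),
        build_frame(LABEL_COMMAND, b"send-params"),
        build_frame(0x7F, b""),
        bytes(corrupted),
        b"GET / HTTP/1.1\r\n",  # bytes of a conventional protocol
    ]
    return [fw.check(f, 0.0) for f in frames]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Because the rate counter is updated before the mode and CRC checks, as in the order of Fig. 4, rejected frames still count against their label's budget.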
After passing the firewall, the packets are transferred to the path management module DMZ-in. This module is responsible for interpreting the packets, for reconstructing them according to their label and for checking the authentication mechanism. As described above, the transmitted data are signed using a set of asymmetric keys. They include a signature, which module DMZ-in can check using the required public key and the certificate contained in the signature. To raise the security level, any data transmitted over the return channel must be signed by the asymmetric-key authentication mechanism. This guarantees that only expected and properly authenticated participants can send data to the high-security network. Preferably, the data are also encrypted using the same certificate. Module DMZ-in thus ensures that the signature is verified and that the identity of the data source is thereby checked. When the adaptation module has had to split the data to be sent into several packets for transmission over the low-speed link, module DMZ-in reconstructs the split data. Once the data have been reconstructed and their integrity and origin verified by processing the digital signature, they can be delivered to their recipient for processing. If the data are encrypted, the recipient passes them to module DMZ-out for decryption. In the embodiment described, encryption and decryption are carried out by an encryption device in module DMZ-out, for example of the SIM (subscriber identity module) card type. This device holds a private key that allows module DMZ-out to encrypt the data it receives before passing them to the diode, or to decrypt the data supplied by the recipient of an encrypted uplink flow.
This gateway makes it possible to implement simple mechanisms that require interaction between the two networks. Data can thus be sent to the high-security network. Commands can also be sent to trigger the sending of data in the opposite direction.
A client on the low-security network becomes able to trigger data transfers and to select the data it wishes to receive from the high-security network. These mechanisms are implemented in a controlled manner, through a limited number of mechanisms, by properly authenticated participants. All returning data use a rate-limited channel and are transmitted with a non-standard protocol. All packets conforming to this non-standard protocol are filtered by a dedicated firewall, which applies filtering rules suited to the protocol according to the constraints associated with the various data types. These constraints can include the transmission rate, that is the rate of data of a particular type, and the operating mode of the gateway.
In particular, flow control can be applied to data sent from the high-security network to the low-security network. Fig. 5 shows this mechanism. For this purpose, for each data packet it sends, the path management module DMZ-out can prepare two packets that the adaptation module can return to it. These are steps 5.1, 5.2 and 5.3. The first packet is called the Ok packet and means that the data packet was correctly received by the adaptation module. The second packet is called the Ko packet and means that the data packet was not correctly received by the adaptation module. Note that any packet must be properly signed in order to be accepted by the return path of the gateway. The Ok and Ko packets are therefore signed by their sender on the high-security network side. This sender can be module DMZ-out. In step 5.4, the data packet is transmitted together with the two packets Ok and Ko. When the adaptation module receives the data packet, it returns over the return path either the Ok packet or the Ko packet (steps 5.6 and 5.7), depending on the result of test 5.5 on the transmission of the data packet. Because these packets have been properly signed by module DMZ-out, they pass the checks carried out on the return path without difficulty. On receiving a Ko packet, module DMZ-out retransmits the packet that was received incorrectly. On receiving an Ok packet, module DMZ-out goes on to transmit the next packet. This mechanism can equally be applied to flow control with a transmission window, the size of the window being adapted according to the type of packet, Ok or Ko, received.
If no response is received within a certain time, module DMZ-out generates a packet called a NOP packet. This packet corresponds to an Ok packet that is not associated with any data packet. It is transmitted over the downlink path so that the adaptation module returns it. If no returned packet is received, the line can be considered broken. NOP packets continue to be transmitted regularly so that a return to normal can be detected. As long as no returned NOP packet is received, no data packet is transmitted. Before being passed back to module DMZ-out, these Ok, Ko and NOP packets are interpreted and checked by module DMZ-in.
Advantageously, an anti-replay mechanism is implemented in these Ok, Ko and NOP packets. It can be implemented in the packets in the form of a sequence number or a timestamp. This anti-replay mechanism prevents any attack based on maliciously returning these packets.
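The Ok/Ko exchange of Fig. 5 with a sequence-number anti-replay check, as an added sketch that is not code from the patent. HMAC-SHA256 from the standard library stands in for the asymmetric signature the text specifies; the token layout, the key and the CRC-32 used for test 5.5 are assumptions.

```python
import hashlib
import hmac
import struct
import zlib

KEY = b"constructed-demo-key"    # stand-in for the high side's signing key
TOKEN = struct.Struct(">2sI")    # assumed layout: kind (b"OK"/b"KO"), counter
MAC_LEN = hashlib.sha256().digest_size


def sign_token(kind: bytes, seq: int, key: bytes = KEY) -> bytes:
    """Signed reply packet prepared on the high-security side."""
    body = TOKEN.pack(kind, seq)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class DmzOut:
    """High side: sends each data packet with its two pre-signed replies."""

    def __init__(self):
        self.seq = 0  # transmission counter, also used for anti-replay

    def send(self, data: bytes):
        self.seq += 1  # steps 5.1 to 5.4
        framed = data + struct.pack(">I", zlib.crc32(data))
        return framed, sign_token(b"OK", self.seq), sign_token(b"KO", self.seq)


def adaptation_receive(framed: bytes, ok: bytes, ko: bytes) -> bytes:
    """Low side: holds no key, so it can only hand back a token it was given."""
    data, (crc,) = framed[:-4], struct.unpack(">I", framed[-4:])
    return ok if zlib.crc32(data) == crc else ko  # test 5.5, steps 5.6 / 5.7


class DmzIn:
    """High side: verifies returned tokens before DMZ-out acts on them."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_seq = 0

    def verify(self, token: bytes):
        """Return (kind, seq) for a fresh, correctly signed token, else None."""
        if len(token) != TOKEN.size + MAC_LEN:
            return None
        body, mac = token[:TOKEN.size], token[TOKEN.size:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            return None                      # not signed by the high side
        kind, seq = TOKEN.unpack(body)
        if seq <= self.last_seq:
            return None                      # replayed or stale token
        self.last_seq = seq
        return kind, seq


def transfer(data, out, dmz_in, corrupt_attempts=0, max_tries=3):
    """Send one data packet, retransmitting on Ko; return the verified replies."""
    replies = []
    for attempt in range(max_tries):
        framed, ok, ko = out.send(data)
        if attempt < corrupt_attempts:       # constructed downlink error
            framed = bytes([framed[0] ^ 0xFF]) + framed[1:]
        verdict = dmz_in.verify(adaptation_receive(framed, ok, ko))
        replies.append(verdict)
        if verdict is not None and verdict[0] == b"OK":
            break
    return replies


if __name__ == "__main__":
    print(transfer(b"flight-params", DmzOut(), DmzIn(), corrupt_attempts=1))
```

Each retransmission takes a new counter value, so the unused token of a pair and any token captured earlier are both rejected as stale once a reply with an equal or higher counter has been accepted.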
The flow-control mechanism is not necessarily applied to all downlink data transfers. In particular, small amounts of data can be sent in a so-called "send and forget" mode. In this mode, module DMZ-out sends data packets without generating Ok or Ko packets. These packets are not stored, and their correct transmission is not verified.

Claims (13)

1. A device (2.1) for interconnecting at least two data communication networks, connecting a first network, called the high-security network, to at least one second network, called the low-security network, comprising:
- a first communication interface (2.11) with the high-security network;
- a second communication interface (2.12) with the low-security network;
- a routing module (2.3) connected to the first interface;
- an adaptation module (2.8) connected to the second interface;
characterized in that the device also comprises:
- a unidirectional path, called the downlink path (2.4, 2.6), between the routing module (2.3) and the adaptation module (2.8), for transferring data from the routing module (2.3) to the adaptation module (2.8); and
- a unidirectional path, called the return path (2.5, 2.7, 2.8), between the adaptation module (2.8) and the routing module (2.3), for transferring data from the adaptation module (2.8) to the routing module (2.3), all data transfers between the first interface (2.11) and the second interface (2.12) necessarily passing through these two unidirectional paths, and the adaptation module (2.8) forming the link between these unidirectional paths and the second interface (2.12).
2. equipment according to claim 1 is characterized in that, this equipment also comprises for the device (2.6) that guarantees the unidirectional side of downlink path in physical layer.
3. equipment according to claim 1 and 2 is characterized in that, this equipment also comprises for comparing the device (2.10) of the speed of at least a portion that reduces return path with the speed of the interface of this equipment, thereby forms the link that is called as low speed chain circuit.
4. equipment according to claim 3 is characterized in that, this low speed chain circuit (2.10) is serial link.
5. according to the described equipment of one of claim 1 to 2, it is characterized in that this equipment is included in the fire compartment wall (2.7) on the return path, be used for filtering the data of transmitting by return path.
6. The device according to claim 3, characterized in that the device further comprises:
- means (2.8) for formatting, upstream of the low-speed link, the data to be transmitted over the return path according to a communication protocol different from the communication protocol used for communication on the interfaces of the device;
- means (2.5) for reconstructing, downstream of the low-speed link, the data transmitted over the return path from the data formatted according to said communication protocol different from the communication protocol used for communication on the interfaces of the device.
7. The device according to claim 6, characterized in that said communication protocol different from the communication protocol used for communication on the interfaces of the device uses data packets, each data packet comprising a label (3.1) identifying the type of data, and the firewall comprises means for filtering the packets according to a list of authorized labels.
8. The device according to claim 7, characterized in that, a maximum transmission rate being defined for each label, the firewall (2.7) comprises means for checking the packet transmission rate of each label and for discarding the packets of a given label if that rate is exceeded.
9. The device according to claim 6, characterized in that, several operating modes being defined for the device, the list of authorized labels depends on the operating mode of the device.
10. The device according to one of claims 1 to 2, characterized in that all data transmitted over the return path are cryptographically signed by an asymmetric key mechanism, the device further comprising cryptographic means (2.5) for verifying the identity of the data source.
11. The device according to claim 10, characterized in that all data transmitted over the return path are cryptographically encrypted by an asymmetric key mechanism, the device further comprising cryptographic means (2.5) for decrypting the transmitted data.
12. A method for flow control of the transmission of data packets in a device according to claim 10 or 11, characterized in that, for each data packet, the method comprises the following steps:
- a step of transmitting the data packet by the routing module, comprising:
  - a step of preparing a signed packet called the Ok packet;
  - a step of preparing a signed packet called the Ko packet;
  - a step of transmitting the data packet jointly with the Ok and Ko packets on the downlink path;
- a step of reception by the adaptation module, comprising:
  - a step of testing the correct transmission of the data packet;
  - if the transmission was carried out correctly, a step of transmitting the Ok packet on the return path;
  - if the transmission was carried out incorrectly, a step of transmitting the Ko packet on the return path.
13. The flow control method according to claim 12, characterized in that the method further comprises:
- a step in which the routing module periodically transmits a signed packet called NOP on the downlink path when nothing has been received on the return path during a predetermined time;
- a step in which the adaptation module transmits on the return path any NOP packet received on the downlink path.
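The return-path firewall of claims 7 to 9, as an added Python example that is not part of the patent text: an allow-list of labels chosen by operating mode, with a per-label rate ceiling. The label values, mode names, rate figures, the one-second sliding window and all class and function names are assumptions; the claims define none of them.

```python
from collections import deque

# Constructed label values and mode names; the claims define neither.
ACK, STATUS, FILE_REQUEST = 0x01, 0x02, 0x10
LABELS_BY_MODE = {
    "operational": frozenset({ACK, STATUS}),
    "maintenance": frozenset({ACK, STATUS, FILE_REQUEST}),
}
MAX_PER_SECOND = {ACK: 3, STATUS: 1, FILE_REQUEST: 1}


class ReturnPathFirewall:
    """Label filter for the return path: allow-list (claim 7), per-label
    rate ceiling (claim 8), allow-list selected by operating mode (claim 9)."""

    def __init__(self, labels_by_mode, max_per_window, window=1.0):
        self.labels_by_mode = labels_by_mode
        self.max_per_window = max_per_window
        self.window = window          # seconds over which the rate is measured
        self.mode = None              # no mode selected: everything is dropped
        self.recent = {}              # label -> timestamps of accepted packets
        self.dropped = []             # (timestamp, label, reason) for auditing

    def set_mode(self, mode):
        if mode not in self.labels_by_mode:
            raise ValueError(f"unknown operating mode: {mode!r}")
        self.mode = mode

    def accept(self, label, now):
        """Return True if a packet with this label may cross at time `now`."""
        if label not in self.labels_by_mode.get(self.mode, frozenset()):
            return self._drop(now, label, "label not authorized in this mode")
        times = self.recent.setdefault(label, deque())
        while times and now - times[0] >= self.window:
            times.popleft()           # forget packets outside the window
        # A label with no configured rate gets a ceiling of 0 (default deny).
        if len(times) >= self.max_per_window.get(label, 0):
            return self._drop(now, label, "maximum rate exceeded")
        times.append(now)
        return True

    def _drop(self, now, label, reason):
        self.dropped.append((now, label, reason))
        return False


def run_constructed_traffic(mode):
    """Feed constructed (time, label) pairs through the firewall."""
    fw = ReturnPathFirewall(LABELS_BY_MODE, MAX_PER_SECOND)
    fw.set_mode(mode)
    traffic = [(0.0, ACK), (0.1, ACK), (0.2, ACK), (0.3, ACK),
               (0.4, FILE_REQUEST), (0.5, 0x7F), (1.25, ACK)]
    return [fw.accept(label, t) for t, label in traffic], fw.dropped
```

The same traffic gives a different verdict for `FILE_REQUEST` depending on the mode, and the fourth `ACK` inside one second is discarded in both.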
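The Ok/Ko exchange of claims 12 and 13, as an added Python example that is not part of the patent text: the routing module pre-signs both verdicts, so the adaptation module never holds a key and can only hand back a packet it was given. HMAC-SHA256 stands in here for the asymmetric signature of claim 10 so that the example needs only the standard library; the CRC-32 transmission test, the sequence number and all function names are assumptions.

```python
import hashlib
import hmac
import os
import zlib

# Held only on the high-security side (routing module and verifier 2.5).
KEY = os.urandom(32)
TAG_LEN = 32


def sign(body: bytes) -> bytes:
    """Stand-in for the asymmetric signature of claim 10 (HMAC-SHA256 here)."""
    return body + hmac.new(KEY, body, hashlib.sha256).digest()


def verify(packet: bytes):
    """Return-path check: the signed body if the tag is valid, else None."""
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(KEY, body, hashlib.sha256).digest()
    return body if hmac.compare_digest(tag, expected) else None


def routing_send(seq: int, data: bytes) -> dict:
    """Routing module: prepare signed Ok and Ko packets and send them
    together with the data packet on the downlink path (claim 12)."""
    n = seq.to_bytes(4, "big")            # assumed sequence number
    return {"data": data, "crc": zlib.crc32(data),
            "ok": sign(b"OK" + n), "ko": sign(b"KO" + n)}


def routing_nop(seq: int) -> bytes:
    """Routing module: signed NOP sent when the return path is silent (claim 13)."""
    return sign(b"NOP" + seq.to_bytes(4, "big"))


def adaptation_receive(frame: dict) -> bytes:
    """Adaptation module: test the transmission (CRC-32, an assumption) and
    return the matching pre-signed packet unchanged. It holds no key."""
    intact = zlib.crc32(frame["data"]) == frame["crc"]
    return frame["ok"] if intact else frame["ko"]


def routing_handle_return(packet: bytes, expected_seq: int) -> str:
    """High-security side: accept only packets it signed itself."""
    body = verify(packet)
    if body is None:
        return "rejected"                 # unsigned or altered on the low side
    kind, seq = body[:-4], int.from_bytes(body[-4:], "big")
    if seq != expected_seq:
        return "stale"                    # replay of an earlier signed packet
    return kind.decode()                  # "OK", "KO" or "NOP"
```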
CN2008801126654A 2007-10-23 2008-10-21 Bidirectional gateway with enhanced security level Active CN101836422B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR0707428A FR2922705B1 (en) 2007-10-23 2007-10-23 BIDIRECTIONAL GATEWAY WITH REINFORCED SAFETY LEVEL
FR07/07428 2007-10-23
PCT/EP2008/064211 WO2009053361A1 (en) 2007-10-23 2008-10-21 Bidirectional gateway with enhanced security level

Publications (2)

Publication Number Publication Date
CN101836422A CN101836422A (en) 2010-09-15
CN101836422B true CN101836422B (en) 2013-09-11

Family

ID=39511037

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008801126654A Active CN101836422B (en) 2007-10-23 2008-10-21 Bidirectional gateway with enhanced security level

Country Status (8)

Country Link
US (1) US8397286B2 (en)
EP (1) EP2204034B1 (en)
CN (1) CN101836422B (en)
BR (1) BRPI0818010A2 (en)
CA (1) CA2703298A1 (en)
FR (1) FR2922705B1 (en)
RU (1) RU2494561C2 (en)
WO (1) WO2009053361A1 (en)

Also Published As

Publication number Publication date
FR2922705B1 (en) 2011-12-09
WO2009053361A1 (en) 2009-04-30
CA2703298A1 (en) 2009-04-30
RU2494561C2 (en) 2013-09-27
EP2204034B1 (en) 2019-04-03
CN101836422A (en) 2010-09-15
FR2922705A1 (en) 2009-04-24
US8397286B2 (en) 2013-03-12
BRPI0818010A2 (en) 2015-04-14
RU2010114660A (en) 2011-11-27
US20100299742A1 (en) 2010-11-25
EP2204034A1 (en) 2010-07-07

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant